v0.5.8 update

updated README
bumped jsch and postgresql dependency versions
build script override to generate two addons, one with a preset configuration and one without
do not verify PostgreSQL host when connecting to localhost or 127.0.0.1
dynamically set version in Setup.sql
improved error handling during archive resource extraction
decorative improvements to front-end HTML and CSS
more verbose logging when in debug mode
sync only the latest cumulative update

Author: cvogt729

README.md

@@ -28,9 +28,9 @@ update-api-9.0.002
 webserver-api-9.0.002
 
 Packaged Dependencies:
-jsch-0.2.17-sources
-jsch-0.2.17
+jsch-0.2.21-sources
+jsch-0.2.21
 json-20240303-sources
 json-20240303
-postgresql-42.7.3-sources
-postgresql-42.7.3
+postgresql-42.7.4-sources
+postgresql-42.7.4

config/BUILD_DETAILS

@@ -1,6 +1,6 @@
-url:postgresql-42.7.3.jar:https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.3/postgresql-42.7.3.jar
-url:postgresql-42.7.3-sources.jar:https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.3/postgresql-42.7.3-sources.jar
-url:jsch-0.2.17.jar:https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.17/jsch-0.2.17.jar
-url:jsch-0.2.17-sources.jar:https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.17/jsch-0.2.17-sources.jar
+url:postgresql-42.7.4.jar:https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.4/postgresql-42.7.4.jar
+url:postgresql-42.7.4-sources.jar:https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.4/postgresql-42.7.4-sources.jar
+url:jsch-0.2.21.jar:https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.21/jsch-0.2.21.jar
+url:jsch-0.2.21-sources.jar:https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.21/jsch-0.2.21-sources.jar
 url:json-20240303.jar:https://repo1.maven.org/maven2/org/json/json/20240303/json-20240303.jar
 url:json-20240303-sources.jar:https://repo1.maven.org/maven2/org/json/json/20240303/json-20240303-sources.jar

config/EXTERNAL_DEPS

@@ -0,0 +1,36 @@
+if /i "%*" EQU "--help" (
+  echo PACK              Packages all relevant files into newly created .addon and .jar archives.
+  exit /b 0
+)
+if "%*" NEQ "" (
+  echo Unexpected parameter.
+  exit /b 1
+)
+echo Packing...
+rmdir /Q /S "%classes%" >nul 2>nul
+for /D %%i in ("%trackingClasses%\*") do robocopy /E "%%~fi" "%classes%" >nul 2>nul
+robocopy /E "%src%" "%classes%" /XF "*.java" >nul 2>nul
+copy /Y "%workspace%\LICENSE" "%root%\LICENSE" >nul 2>nul
+robocopy /MIR /MOVE "%lib%" "%workspace%\lib-sources" *-sources.jar >nul 2>nul
+"%JDKBin%\jar.exe" -c -M -f "%addonFile%" -C "%root%" .
+if %ERRORLEVEL% NEQ 0 (
+  robocopy /E /MOVE "%workspace%\lib-sources" "%lib%" >nul 2>nul
+  rmdir /Q /S "%workspace%\lib-sources" >nul 2>nul
+  echo Packing unsuccessful.
+  exit /b 1
+)
+del /F "%classes%\aces\webctrl\postgresql\resources\config.dat" >nul 2>nul
+del /F "%classes%\aces\webctrl\postgresql\resources\pgsslkey.pfx" >nul 2>nul
+del /F "%classes%\aces\webctrl\postgresql\resources\pgsslroot.cer" >nul 2>nul
+"%JDKBin%\jar.exe" -c -M -f "%workspace%\!name!-blank.addon" -C "%root%" .
+if %ERRORLEVEL% EQU 0 (
+  robocopy /E /MOVE "%workspace%\lib-sources" "%lib%" >nul 2>nul
+  rmdir /Q /S "%workspace%\lib-sources" >nul 2>nul
+  echo Packing successful.
+  exit /b 0
+) else (
+  robocopy /E /MOVE "%workspace%\lib-sources" "%lib%" >nul 2>nul
+  rmdir /Q /S "%workspace%\lib-sources" >nul 2>nul
+  echo Packing unsuccessful.
+  exit /b 1
+)

ext/pack.bat

@@ -0,0 +1,28 @@
+if /i "%*" EQU "--help" (
+  echo SIGN              Signs the .addon archive.
+  exit /b 0
+)
+if "%*" NEQ "" (
+  echo Unexpected parameter.
+  exit /b 1
+)
+if exist "%addonFile%" (
+  echo Signing...
+  "%JDKBin%\jarsigner.exe" -keystore "%keystore%" -storepass "!pass!" "%addonFile%" %alias% >nul
+  if !ERRORLEVEL! EQU 0 (
+    "%JDKBin%\jarsigner.exe" -keystore "%keystore%" -storepass "!pass!" "%workspace%\!name!-blank.addon" %alias% >nul
+    if !ERRORLEVEL! EQU 0 (
+      echo Signing successful.
+      exit /b 0
+    ) else (
+      echo Signing unsuccessful.
+      exit /b 1
+    )
+  ) else (
+    echo Signing unsuccessful.
+    exit /b 1
+  )
+) else (
+  echo Cannot sign because !name!.addon does not exist.
+  exit /b 1
+)

ext/sign.bat

@@ -0,0 +1,84 @@
+#!/bin/bash
+
+# Crontab example:
+# 47 23 1 * * /bin/bash /data/ssl/renew.sh
+
+# Decsriptive name for this server
+name='PostgreSQL Database Server'
+# Keystore password
+password='PASSWORD'
+# Recipient email addresses for notifications (comma-delimited)
+recipients='[email protected],[email protected]'
+# DNS name for your SSL certificate
+dns='postgresql.domain.com'
+# Distinguished name for your SSL certificate
+dname="CN=$dns, OU=IT, O=Automatic Controls Equipment Systems\, Inc., L=Fenton, ST=MO, C=US"
+# Working directory
+folder='/data/ssl/certbot'
+# Final server certificate
+pem_cert='/data/ssl/ssl_cert'
+# Final server private key
+pem_key='/data/ssl/ssl_key'
+
+# Function to send an email
+function send_email(){
+msmtp -t <<EOF
+To: $recipients
+Subject: $1
+
+$2
+EOF
+}
+
+# Create working directory
+sudo rm -Rf "$folder"
+sudo mkdir "$folder"
+if ! cd "$folder"; then
+  send_email "$name SSL Renewal Failure" 'Monthly certificate renewal script failed to locate SSL directory.'
+  exit 1
+fi
+
+# Generate a new key
+if ! sudo keytool -keystore store -storepass "$password" -genkeypair -alias server -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -keypass "$password" -validity 365 -ext "san=dns:$dns" -dname "$dname"; then
+  send_email "$name SSL Renewal Failure" 'Monthly certificate renewal script failed to create a new 2048 bit RSA key-pair.'
+  exit 1
+fi
+
+# Generate a certificate request
+if ! sudo keytool -keystore store -storepass "$password" -alias server -certreq -file 'request.csr'; then
+  send_email "$name SSL Renewal Failure" 'Monthly certificate renewal script failed to generate CSR.'
+  exit 1
+fi
+
+# Open HTTP and HTTPS ports
+sudo ufw allow 80/tcp
+sudo ufw allow 443/tcp
+
+# Use certbot to sign the certificate request
+sudo certbot certonly --standalone --csr "$folder/request.csr" --logs-dir "$folder/logs"
+err="$?"
+
+# Close HTTP and HTTPS ports
+sudo ufw delete allow 80/tcp
+sudo ufw delete allow 443/tcp
+
+# Handle certbot failure
+if [[ "$err" != '0' ]]; then
+  sudo rm -f 'request.csr'
+  sudo rm -f ./*.pem
+  send_email "$name SSL Renewal Failure" "Monthly certificate renewal script failed: certbot encountered error. Please see '$folder/logs' for more details."
+  exit 1
+fi
+
+# Apply changes
+sudo mv -f "$(find "/data/ssl/certbot" -maxdepth 1 -name '*_chain.pem' | sort -n | tail -n 1)" "$pem_cert"
+sudo openssl pkcs12 -in store -passin "pass:$password" -nocerts -noenc | sudo openssl rsa -out "$pem_key"
+sudo chown postgres:postgres "$pem_key"
+sudo chown postgres:postgres "$pem_cert"
+sudo chmod 600 "$pem_key"
+sudo chmod 666 "$pem_cert"
+sudo systemctl reload postgresql
+
+# Clean files
+cd ..
+sudo rm -Rf "$folder"